Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 08 Sep 2000 18:02:28 -0600
From:      Ben Schumacher <ben@henshaw.net>
To:        freebsd-questions@freebsd.org
Subject:   RADIUS Authentication via MAC Addresses
Message-ID:  <4.3.2.7.2.20000908174646.03505220@pop.henshaw.net>

next in thread | raw e-mail | index | archive | help
Hello-

I'm working on a new project for my company and was wondering if anybody 
could give me insight on how I might do RADIUS authentication via MAC 
addresses.  We're looking to provide broadband internet access to entire 
buildings, but would prefer to do some sort of authentication scheme other 
than PPPoE (which creates headaches when you're trying to set it up on 
client boxes).  One of the ideas that came to mind was authentication 
through MAC addresses.  Since we're already using RADIUS for our dialup 
authenticaiton, it seemed like a good solution to tie this system into that 
as well.

Does anybody have any ideas on how this could be accomplished on a FreeBSD 
platform.  The idea is that when people bring up their machines, the router 
would verify their MAC address and if it isn't authenticated, it would drop 
packets to/from their box.

The only solution I've come up with so far is a rather complicated kludge 
involving the ARP tables and ipfw rules.  While this would likely work, I 
would prefer to do something more solid, even if it involves some hacking 
in the FreeBSD kernel.

I open to any suggestions, so please feel free to toss out whatever you can 
think of.

Thank you,
- Ben Schumacher



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20000908174646.03505220>